bundle_update_interactive 0.5.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32a7f01a5cd12b428ccbf01ae0dbe016fcea9d3a3ab9e390b602f9387ece19f8
-  data.tar.gz: 3fc3df0da19212ffa444e4d8b1d5ac6b4e33eff27704d7c0d18ea98c3aac1c91
+  metadata.gz: 58fa0e12f3322d018b1fcaa788dd3b8a2c3354042fe1e6ab21313d0bc0d7518b
+  data.tar.gz: a43866c8bad9bc0256b369cbf7e29db56c2b06293f2ae3a4a3e560ff75506e16
 SHA512:
-  metadata.gz: a13fb74ddbd25a6570b0ec6655b539328edca5140cb8156a2d1b94c64d0c5d195089330a408498a79d881d7b7013fb31b98490163250d1d7e34ab68499b7f291
-  data.tar.gz: db26535a1961ad67e3932f94ca358a747e8e1209b83f8c44070ded841338cf052123960ae8d89f6664c4aac7c4fc987ce07fa72cc1e373f772c48ba0d9c0054e
+  metadata.gz: 5325810c277c4a3f58d3308b9899c9097a2c723996e79030ccda96f79408c83734b2bcf9ae5920a1ee74f32837ebae91f4e946aa9ff08225db73bf6d06d69e91
+  data.tar.gz: d241d58cb408a0b6294a8b56e010b8ffa841bdbb5ccf28c794fb2db4ebcc562f7ec486742ec36720ed9522c9cf2ce1d27d8a68619fefbee59d28810b3044e7fb

data/README.md

@@ -63,6 +63,12 @@ Some gems, notably `rails`, are composed of smaller gems like `actionpack`, `act
 
 Therefore, if any Rails component has a security vulnerability, `bundle update-interactive` will automatically roll up that information into a single `rails` line item, so you can select it and upgrade all of its components in one shot.
 
+### Held back gems
+
+When a newer version of a gem is available, but updating is not allowed due to a Gemfile requirement, `update-interactive` will report that the gem has been held back.
+
+<img src="images/held-back.png" alt="Screenshot of rails and selenium-webdriver gems held back due to Gemfile requirements" width="717" />
+
 ### Changelogs
 
 `bundle update-interactive` will do its best to find an appropriate changelog for each gem.

data/lib/bundle_update_interactive/bundler_commands.rb

@@ -19,6 +19,14 @@ module BundleUpdateInteractive
         `#{command.join(" ")}`.tap { raise "bundle lock command failed" unless Process.last_status.success? }
       end
 
+      def parse_outdated(*gems)
+        command = ["#{bundle_bin.shellescape} outdated --parseable", *gems.flatten.map(&:shellescape)]
+        output = `#{command.join(" ")}`
+        raise "bundle outdated command failed" if output.empty? && !Process.last_status.success?
+
+        output.scan(/^(\S+) \(newest (\S+),/).to_h
+      end
+
       private
 
       def bundle_bin

data/lib/bundle_update_interactive/cli/multi_select.rb

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
 
+require "launchy"
 require "pastel"
 require "tty/prompt"
 require "tty/screen"
@@ -8,6 +9,7 @@ class BundleUpdateInteractive::CLI
   class MultiSelect
     class List < TTY::Prompt::MultiList
       def initialize(prompt, **options)
+        @opener = options.delete(:opener)
         defaults = {
           cycle: true,
           help_color: :itself.to_proc,
@@ -21,48 +23,64 @@ class BundleUpdateInteractive::CLI
       def selected_names
         ""
       end
+
+      # Unregister tty-prompt's default ctrl-a and ctrl-r bindings
+      alias select_all keyctrl_a
+      alias reverse_selection keyctrl_r
+      def keyctrl_a(*); end
+      def keyctrl_r(*); end
+
+      def keypress(event)
+        case event.value
+        when "k", "p" then keyup
+        when "j", "n" then keydown
+        when "a" then select_all
+        when "r" then reverse_selection
+        when "o" then opener&.call(choices[@active - 1].value)
+        end
+      end
+
+      private
+
+      attr_reader :opener
     end
 
-    def self.prompt_for_gems_to_update(outdated_gems)
-      table = Table.new(outdated_gems)
+    def self.prompt_for_gems_to_update(outdated_gems, prompt: nil)
+      table = Table.updatable(outdated_gems)
       title = "#{outdated_gems.length} gems can be updated."
-      chosen = new(title: title, table: table).prompt
+      opener = lambda do |gem|
+        url = outdated_gems[gem].changelog_uri
+        Launchy.open(url) unless url.nil?
+      end
+      chosen = new(title: title, table: table, prompt: prompt, opener: opener).prompt
       outdated_gems.slice(*chosen)
     end
 
-    def initialize(title:, table:)
+    def initialize(title:, table:, opener: nil, prompt: nil)
       @title = title
       @table = table
-      @tty_prompt = TTY::Prompt.new(
+      @opener = opener
+      @tty_prompt = prompt || TTY::Prompt.new(
         interrupt: lambda {
           puts
           exit(130)
         }
       )
-      add_keybindings
-
       @pastel = BundleUpdateInteractive.pastel
     end
 
     def prompt
       choices = table.gem_names.to_h { |name| [table.render_gem(name), name] }
-      tty_prompt.invoke_select(List, title, choices, help: help)
+      tty_prompt.invoke_select(List, title, choices, help: help, opener: opener)
     end
 
     private
 
-    attr_reader :pastel, :table, :tty_prompt, :title
-
-    def add_keybindings
-      tty_prompt.on(:keypress) do |event|
-        tty_prompt.trigger(:keyup) if %w[k p].include?(event.value)
-        tty_prompt.trigger(:keydown) if %w[j n].include?(event.value)
-      end
-    end
+    attr_reader :pastel, :table, :opener, :tty_prompt, :title
 
     def help
       [
-        pastel.dim("\nPress <space> to select, ↑/↓ move, <ctrl-a> all, <ctrl-r> reverse, <enter> to finish."),
+        pastel.dim("\nPress <space> to select, ↑/↓ move, <a> all, <r> reverse, <o> open url, <enter> to finish."),
         "\n    ",
         table.render_header
       ].join

data/lib/bundle_update_interactive/cli/row.rb

@@ -16,17 +16,6 @@ class BundleUpdateInteractive::CLI
       @pastel = BundleUpdateInteractive.pastel
     end
 
-    def to_a
-      [
-        formatted_gem_name,
-        formatted_current_version,
-        "→",
-        formatted_updated_version,
-        formatted_gemfile_groups,
-        formatted_changelog_uri
-      ]
-    end
-
     def formatted_gem_name
       vulnerable? ? pastel.white.on_red(name) : apply_semver_highlight(name)
     end
@@ -46,6 +35,10 @@ class BundleUpdateInteractive::CLI
       gemfile_groups&.map(&:inspect)&.join(", ")
     end
 
+    def formatted_gemfile_requirement
+      gemfile_requirement.to_s == ">= 0" ? "" : gemfile_requirement.to_s
+    end
+
     def formatted_changelog_uri
       pastel.blue(changelog_uri)
     end

data/lib/bundle_update_interactive/cli/table.rb

@@ -4,12 +4,44 @@ require "pastel"
 
 class BundleUpdateInteractive::CLI
   class Table
-    HEADERS = ["name", "from", nil, "to", "group", "url"].freeze
+    class << self
+      def withheld(gems)
+        columns = [
+          ["name", :formatted_gem_name],
+          ["requirement", :formatted_gemfile_requirement],
+          ["current", :formatted_current_version],
+          ["latest", :formatted_updated_version],
+          ["group", :formatted_gemfile_groups],
+          ["url", :formatted_changelog_uri]
+        ]
+        new(gems, columns)
+      end
 
-    def initialize(outdated_gems)
+      def updatable(gems)
+        columns = [
+          ["name", :formatted_gem_name],
+          ["from", :formatted_current_version],
+          [nil, "→"],
+          ["to", :formatted_updated_version],
+          ["group", :formatted_gemfile_groups],
+          ["url", :formatted_changelog_uri]
+        ]
+        new(gems, columns)
+      end
+    end
+
+    def initialize(gems, columns)
       @pastel = BundleUpdateInteractive.pastel
-      @headers = HEADERS.map { |h| pastel.dim.underline(h) }
-      @rows = outdated_gems.transform_values { |gem| Row.new(gem).to_a.map(&:to_s) }
+      @headers = columns.map { |header, _| pastel.dim.underline(header) }
+      @rows = gems.transform_values do |gem|
+        row = Row.new(gem)
+        columns.map do |_, col|
+          case col
+          when Symbol then row.public_send(col).to_s
+          when String then col
+          end
+        end
+      end
       @column_widths = calculate_column_widths
     end
 

data/lib/bundle_update_interactive/cli.rb

@@ -11,19 +11,16 @@ module BundleUpdateInteractive
 
     def run(argv: ARGV) # rubocop:disable Metrics/AbcSize
       options = Options.parse(argv)
-
       report = generate_report(options)
-      puts("No gems to update.").then { return } if report.updateable_gems.empty?
 
-      puts
-      puts legend
-      puts
-      selected_gems = MultiSelect.prompt_for_gems_to_update(report.updateable_gems)
+      puts_legend_and_withheld_gems(report) unless report.empty?
+      puts("No gems to update.").then { return } if report.updatable_gems.empty?
+
+      selected_gems = MultiSelect.prompt_for_gems_to_update(report.updatable_gems)
       puts("No gems to update.").then { return } if selected_gems.empty?
 
-      puts "\nUpdating the following gems."
-      puts
-      puts Table.new(selected_gems).render
+      puts "Updating the following gems."
+      puts Table.updatable(selected_gems).render
       puts
       report.bundle_update!(*selected_gems.keys)
     rescue Exception => e # rubocop:disable Lint/RescueException
@@ -32,6 +29,17 @@ module BundleUpdateInteractive
 
     private
 
+    def puts_legend_and_withheld_gems(report)
+      puts
+      puts legend
+      puts
+      return if report.withheld_gems.empty?
+
+      puts "The following gems are being held back and cannot be updated."
+      puts Table.withheld(report.withheld_gems).render
+      puts
+    end
+
     def legend
       pastel = BundleUpdateInteractive.pastel
       <<~LEGEND
@@ -46,14 +54,13 @@ module BundleUpdateInteractive
 
     def generate_report(options)
       whisper "Resolving latest gem versions..."
-      report = Report.generate(groups: options.exclusively)
-      updateable_gems = report.updateable_gems
-      return report if updateable_gems.empty?
+      report = Reporter.new(groups: options.exclusively).generate_report
+      return report if report.empty?
 
       whisper "Checking for security vulnerabilities..."
       report.scan_for_vulnerabilities!
 
-      progress "Finding changelogs", updateable_gems.values, &:changelog_uri
+      progress "Finding changelogs", report.all_gems.values, &:changelog_uri
       report
     end
 

data/lib/bundle_update_interactive/outdated_gem.rb

@@ -4,13 +4,14 @@ module BundleUpdateInteractive
   class OutdatedGem
     attr_accessor :name,
                   :gemfile_groups,
+                  :gemfile_requirement,
                   :git_source_uri,
                   :current_version,
                   :current_git_version,
                   :updated_version,
                   :updated_git_version
 
-    attr_writer :rubygems_source, :vulnerable
+    attr_writer :changelog_uri, :rubygems_source, :vulnerable
 
     def initialize(**attrs)
       @vulnerable = nil

data/lib/bundle_update_interactive/report.rb

@@ -7,38 +7,20 @@ require "set"
 
 module BundleUpdateInteractive
   class Report
-    class << self
-      def generate(groups: [])
-        gemfile = Gemfile.parse
-        current_lockfile = Lockfile.parse
-        gems = groups.any? ? current_lockfile.gems_exclusively_installed_by(gemfile: gemfile, groups: groups) : nil
+    attr_reader :withheld_gems, :updatable_gems
 
-        updated_lockfile = gems&.none? ? nil : Lockfile.parse(BundlerCommands.read_updated_lockfile(*Array(gems)))
-        new(gemfile: gemfile, current_lockfile: current_lockfile, updated_lockfile: updated_lockfile)
-      end
-    end
-
-    attr_reader :outdated_gems
-
-    def initialize(gemfile:, current_lockfile:, updated_lockfile:)
+    def initialize(current_lockfile:, withheld_gems:, updatable_gems:)
       @current_lockfile = current_lockfile
-      @outdated_gems = current_lockfile.entries.each_with_object({}) do |current_lockfile_entry, hash|
-        name = current_lockfile_entry.name
-        updated_lockfile_entry = updated_lockfile && updated_lockfile[name]
-        next unless current_lockfile_entry.older_than?(updated_lockfile_entry)
-
-        hash[name] = build_outdated_gem(current_lockfile_entry, updated_lockfile_entry, gemfile[name]&.groups)
-      end.freeze
+      @withheld_gems = withheld_gems.freeze
+      @updatable_gems = updatable_gems.freeze
     end
 
-    def [](gem_name)
-      outdated_gems[gem_name]
+    def empty?
+      withheld_gems.empty? && updatable_gems.empty?
     end
 
-    def updateable_gems
-      @updateable_gems ||= outdated_gems.reject do |name, _|
-        current_lockfile[name].exact_requirement?
-      end.freeze
+    def all_gems
+      @all_gems ||= withheld_gems.merge(updatable_gems)
     end
 
     def expand_gems_with_exact_dependencies(*gem_names)
@@ -47,13 +29,13 @@ module BundleUpdateInteractive
     end
 
     def scan_for_vulnerabilities!
-      return false if outdated_gems.empty?
+      return false if all_gems.empty?
 
       Bundler::Audit::Database.update!(quiet: true)
       audit_report = Bundler::Audit::Scanner.new.report
       vulnerable_gem_names = Set.new(audit_report.vulnerable_gems.map(&:name))
 
-      outdated_gems.each do |name, gem|
+      all_gems.each do |name, gem|
         gem.vulnerable = (vulnerable_gem_names & [name, *current_lockfile[name].exact_dependencies]).any?
       end
       true
@@ -67,18 +49,5 @@ module BundleUpdateInteractive
     private
 
     attr_reader :current_lockfile
-
-    def build_outdated_gem(current_lockfile_entry, updated_lockfile_entry, gemfile_groups)
-      OutdatedGem.new(
-        name: current_lockfile_entry.name,
-        gemfile_groups: gemfile_groups,
-        rubygems_source: updated_lockfile_entry.rubygems_source?,
-        git_source_uri: updated_lockfile_entry.git_source_uri&.to_s,
-        current_version: current_lockfile_entry.version.to_s,
-        current_git_version: current_lockfile_entry.git_version&.strip,
-        updated_version: updated_lockfile_entry.version.to_s,
-        updated_git_version: updated_lockfile_entry.git_version&.strip
-      )
-    end
   end
 end

data/lib/bundle_update_interactive/reporter.rb

@@ -0,0 +1,66 @@
+# frozen_string_literal: true
+
+module BundleUpdateInteractive
+  class Reporter
+    def initialize(groups: [])
+      @gemfile = Gemfile.parse
+      @current_lockfile = Lockfile.parse
+      @candidate_gems = current_lockfile.gems_exclusively_installed_by(gemfile: gemfile, groups: groups) if groups.any?
+    end
+
+    def generate_report
+      updatable_gems = find_updatable_gems
+      withheld_gems = find_withheld_gems(exclude: updatable_gems.keys)
+
+      Report.new(current_lockfile: current_lockfile, updatable_gems: updatable_gems, withheld_gems: withheld_gems)
+    end
+
+    private
+
+    attr_reader :gemfile, :current_lockfile, :candidate_gems
+
+    def find_updatable_gems
+      return {} if candidate_gems && candidate_gems.empty?
+
+      updated_lockfile = Lockfile.parse(BundlerCommands.read_updated_lockfile(*Array(candidate_gems)))
+      current_lockfile.entries.each_with_object({}) do |current_lockfile_entry, hash|
+        name = current_lockfile_entry.name
+        updated_lockfile_entry = updated_lockfile && updated_lockfile[name]
+        next unless current_lockfile_entry.older_than?(updated_lockfile_entry)
+        next if current_lockfile_entry.exact_requirement?
+
+        hash[name] = build_outdated_gem(name, updated_lockfile_entry.version, updated_lockfile_entry.git_version)
+      end
+    end
+
+    def build_outdated_gem(name, updated_version, updated_git_version)
+      current_lockfile_entry = current_lockfile[name]
+
+      OutdatedGem.new(
+        name: name,
+        gemfile_groups: gemfile[name]&.groups,
+        gemfile_requirement: gemfile[name]&.requirement&.to_s,
+        rubygems_source: current_lockfile_entry.rubygems_source?,
+        git_source_uri: current_lockfile_entry.git_source_uri&.to_s,
+        current_version: current_lockfile_entry.version.to_s,
+        current_git_version: current_lockfile_entry.git_version&.strip,
+        updated_version: updated_version.to_s,
+        updated_git_version: updated_git_version&.strip
+      )
+    end
+
+    def find_withheld_gems(exclude: [])
+      possibly_withheld = gemfile.dependencies.filter_map do |dep|
+        dep.name if dep.should_include? && !dep.requirement.none? # rubocop:disable Style/InverseMethods
+      end
+      possibly_withheld -= exclude
+      possibly_withheld &= candidate_gems unless candidate_gems.nil?
+
+      return {} if possibly_withheld.empty?
+
+      BundlerCommands.parse_outdated(*possibly_withheld).to_h do |name, newest|
+        [name, build_outdated_gem(name, newest, nil)]
+      end
+    end
+  end
+end

data/lib/bundle_update_interactive/semver_change.rb

@@ -10,10 +10,12 @@ module BundleUpdateInteractive
 
       @same_segments = new_segments.take_while.with_index { |seg, i| seg == old_segments[i] }
       @diff_segments = new_segments[same_segments.length..]
+
+      @changed = diff_segments.any? || old_segments.length != new_segments.length
     end
 
     def severity
-      return nil if diff_segments.empty?
+      return nil unless @changed
 
       SEVERITIES[same_segments.length] || :patch
     end

data/lib/bundle_update_interactive/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module BundleUpdateInteractive
-  VERSION = "0.5.0"
+  VERSION = "0.7.0"
 end

data/lib/bundle_update_interactive.rb

@@ -13,6 +13,7 @@ module BundleUpdateInteractive
   autoload :LockfileEntry, "bundle_update_interactive/lockfile_entry"
   autoload :OutdatedGem, "bundle_update_interactive/outdated_gem"
   autoload :Report, "bundle_update_interactive/report"
+  autoload :Reporter, "bundle_update_interactive/reporter"
   autoload :SemverChange, "bundle_update_interactive/semver_change"
   autoload :VERSION, "bundle_update_interactive/version"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: bundle_update_interactive
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Matt Brictson
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-08-03 00:00:00.000000000 Z
+date: 2024-08-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: 0.9.1
+- !ruby/object:Gem::Dependency
+  name: launchy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 2.5.0
 - !ruby/object:Gem::Dependency
   name: pastel
   requirement: !ruby/object:Gem::Requirement
@@ -108,6 +122,7 @@ files:
 - lib/bundle_update_interactive/lockfile_entry.rb
 - lib/bundle_update_interactive/outdated_gem.rb
 - lib/bundle_update_interactive/report.rb
+- lib/bundle_update_interactive/reporter.rb
 - lib/bundle_update_interactive/semver_change.rb
 - lib/bundle_update_interactive/version.rb
 homepage: https://github.com/mattbrictson/bundle_update_interactive